(1) Field of the Invention
The present invention relates to a data communication method and system for enabling encrypted data communication between a client and a server and, more particular, to a data communication method and system making it easy to perform a client-to-server authentication procedure, using a session management server.
(2) Description of Related Art
In a method of encrypted communication in a network, a client and a server carry out a peer device authentication procedure to prevent communication with an unintended peer for each other and, upon a successful peer device authentication, exchange encryption parameters for communication. Public key certificates are applied in Internet Protocol Security (IPsec) described in RFC 2401 “Security Architecture for the Internet Protocol” (non-patent document 1) of the Internet Engineering Task Force (IETF) and Transport Layer Security (TLS) described in RFC 2246 “The TLS Protocol Version 1.0” (non-patent document 2).
In the case of authentication using public key certificates, it is necessary for each node which may be a client or a server to verify that a public key certificate provided by its peer is the one issued from a reliable certificate authority by any method. For example, one method of verifying a public key certificate is to obtain in advance a reliable certificate authority's root certificate for authenticating the certificate authority that issued the public key certificate offered by the peer by any method and verify the certificate authority's signature attached to the public key certificate offered by the peer by the public key of the certificate authority's root certificate. According to this verification method, a server and a client have to prepare in advance the root certificates of certificate authorities in association with public key certificates of all peer devices with which the server/client may communicate.
As FIG. 1 shows, for example, assume a system where a plurality of clients (terminal devices) CL1, CL2, and CL3 have secret keys SK1, SK2, and SK3 and public key certificates PK1, PK2, and PK3 issued by different certificate authorities (CA1, CA2, and CA3), respectively, and servers SV1, SV2, and SV3 also have secret keys SK11, SK12, and SK13 and public key certificates PK11, PK12, and PK13 issued by different certificate authorities (CA1, CA2, and CA3), respectively. To enable each client to communicate with one of the servers SV1, SV2, and SV3 at any time, each server must have in advance a plurality of root certificates RT1, RT2, and RT3 for the certificate authorities (CA1, CA2, and CA3) that issued the public key certificates (PK1, PK2, PK3), respectively, each being held by each of the clients CL1, CL2, and CL3 that can be a peer to the server, as shown. Likewise, each client also must prepare in advance the plurality of root certificates RT1, RT2, and RT3 for the certificate authorities (CA1, CA2, and CA3) that issued the public key certificates (PK11, PK12, PK13), respectively, each being held by each of the servers SV1, SV2, and SV3 that can be a peer to the client. In this system architecture, each client and each server must repeat an authentication process each time when initiating communication with its peer.
FIG. 2 shows a block diagram of a basic configuration of software that a client arms to carry out IPsec-encrypted communication described in the above-mentioned RFC 2401.
Here, reference numeral 20 denotes a network interface card (NIC) module, 30 denotes a TCP/IP layer software module, 40 denotes an application layer software module, and 50 denotes a software module for Internet Key Exchange (IKE) process as a key management process described in RFC 2409 “The Internet Key Exchange (IKE)” (non-patent document 3). An IPsec engine 31 is provided as a part of the TCP/IP layer software, equipped with a Security Policy Data Base (SPDB) 32 storing information (SP information) for determining whether encryption should be applied to transmission packets and a Security Association Data Base (SADB) 33 storing information (SA information) such as encryption schemes and encryption keys which are used for encrypted communication.
A server that can be a peer to the client also arms the same software as shown in FIG. 2, so that the client's application layer will communicate with the server's application layer and the client's key management process will communicate with the server's key management process.
When the IPsec engine 31 detects an IP packet transmission request issued by a program in the application layer 40, it checks the header information of the IP packet against the SPDB32 and determines whether IPsec should be applied to this IP packet. Having determined that IPsec should be applied to the IP packet, the IPsec engine 31 retrieves Security Association (SA) information to be used for the IP packet from the SADB 33. At this time, if the SA information for the IP packet has not been registered in the SADB 33, the IPsec engine 31 requests the IKE (key management) process 50 to exchange SA information including an encryption key with the peer (destination server).
The IKE process 50 exchanges SA information with the peer in accordance with an Internet Security Association and Key Management Protocol (ISAKMP) described in RFC 2406 “Internet Security Association and Key Management Protocol (ISAKMP)” (non-patent document 4). In the ISAKMP, after establishing an encrypted communication path between itself and its peer, each communication node carries out an authentication procedure to verify whether the peer is a true device permitted for communication. Upon verifying that the peer is a true device permitted for encrypted communication by the above authentication procedure, the IKE process 50 starts to exchange SA information with the peer device through the communication path set up by ISAKMP. Upon completing the exchange of SA information with the peer, the IKE process 50 notifies the IPsec engine 31 of the SA information and related Security Policy (SP) information.
After storing the SP information and SA information notified from the IKE process 5 into the SPDB 32 and SADB 33, respectively, the IPsec engine 31 encrypts the IP packet in accordance with the SA information and transmits it to the peer. Upon receiving the encrypted IP packet, a server as the peer decrypts the received IP packet in accordance with the SA information agreed upon by the IKE process and notifies the server's application layer of the IP packet reception.
Meanwhile, RFC 3261 “SIP: Session Initiation Protocol” (non-patent document 5) describes a method in which mutual authentication between a client (user agent client) and a Session Initiation Protocol (SIP) proxy which is a session management server and mutual authentication between the SIP proxy and a server (user agent server) are performed by Transport Layer Security (TLS) and encrypted communication is performed between the client and the SIP proxy and between the SIP proxy and the server. According to the SIP model of RFC 3261, the client and the server are initially verified to be true peers by the SIP proxy and encrypted SIP messages are communicated between the client and the server. Thus, it is difficult for a device other than the client, server, and SIP proxy to intercept messages communicated between the client and the server.
The SIP is a text-based protocol and a SIP message is comprised of a header and a message body indicating the contents of session. Details on the SIP are described in RFC 3263 “Session Initiation Protocol (SIP): Locating SIP Servers” (non-patent document 6). Moreover, RFC 2327 “SDP: Session Description Protocol” (non-patent document 7) discloses a Session Description Protocol (SDP) that is used for session descriptions and a method of describing encryption parameters to be exchanged between a client and a server. The client and server in the SIP model exchange session descriptions and encryption parameters by SIP messages through encrypted communication paths established between the client and the SIP proxy and between the SIP proxy and the server. Then, communication of encrypted packets using the encryption parameters can be performed between the client and server.
FIG. 3 shows an example of an authentication system using the above described SIP proxy. Here, “PR” denotes a ship proxy connected to a plurality of clients CL1, CL2, and CL3 and a plurality of servers SV1, SV2, and SV3. The SIP proxy PR uses a secret key SK 30 and a public key certificate PK30 issued by a certificate authority CA4 and has in advance a plurality of root certificates RT1, RT2, and RT3 corresponding to certificate authorities (CA1, CA2, and CA3) that issued public key certificates to be used by the servers SV1, SV2, and SV3, respectively, in order to authenticate these servers.
In the authentication system using the SIP proxy, each of servers and clients is solely required to have only a root certificate RT4 for the certificate authority that issued the public key certificate PK30 to be used by the SIP proxy, as the root certificate for authenticating its peer, as shown in FIG. 3. When each client wishes to connect to another server after terminating a communication with one server via the SIP proxy, the client can communicate with the SIP proxy through the already established encrypted communication path between itself and the SIP proxy. Thus, the client is solely required to exchange encryption parameters with a new peer before initiating encrypted communication with the new peer. In other words, in the authentication system using the SIP proxy, it is advantageous that each client does not have to perform a new authentication process each time connecting to another server.
Nevertheless, in the SIP framework, the session management server (SIP proxy) determines the forwarding destination of a received SIP message by an identifier (SIP-URI) in a form of “user-name@domin-name” which is termed Address-of-Record (AOR). Thus, in a network system requiring session set up via a session management server like the above SIP proxy, an application to be executed on a client has to use, as the identifier for designating a destination server, SIP-URI (Uniform Resource Identifier) capable of identifying a domain to which the server belongs.
More specifically, in the SIP framework, a client creates a connection request SIP message, in which SIP-URI in the form of AOR to specify a destination server is described as a Request-URI included in a start line, and transmits an IP packet including the SIP message in the payload to a home SIP proxy located in the domain to which the client belongs. Having received the IP packet, the SIP proxy executes, for example, NATPR Record search and SRV Record search in a Domain Name System (DNS), based on the domain name given from the AOR described as the Request-URI, thereby determining the IP address or Full Qualified Domain Name (FQDN) of a SIP proxy (forwarding destination SIP proxy) located in a domain to which the server to be the forwarding destination of the received message belongs. If the result of the SRV Record search gives FQDN, the IP address of the forwarding destination SIP proxy can be obtained by executing A Record search in the DNS. A procedure for obtaining the IP address of the forwarding destination SIP proxy from a domain name is described in RFC 3263 (non-patent document 6).
If the destination server belongs to the home domain to which the SIP proxy having received the SIP message belongs, the SIP proxy obtains the IP address (or FQDN) of the destination server from a location service DB (database), using the SIP-URI described in the Request-URI of the received message as a search key, assigns this IP address to the destination address of the IP packet, and forwards the SIP message to the destination server. If the destination serve belongs to a domain different from the home domain to which the SIP proxy (or the source client) belongs, the SIP message is forwarded to a SIP proxy located in a domain to which the destination server belongs. This forwarding destination SIP proxy obtains an IP address or FQDN of the destination server from the location service DB and forwards the SIP message to the destination server.
As described above, in the network system requiring session set up via a session management server (SIP proxy), the session management server having received a SIP message determines the domain to which the destination server belongs from the requested resource identifier (SIP-URL: Uniform Resource Locator) included in the received SIP message and forwards the received message to the destination server or destination session management server. However, each of general application programs that are executed on a client terminal connected to an IP network uses an identifier like an IP address that identifies only a destination server, rather than an identifier including a domain name like the above SIP-URI in the AOR form, to specify the destination server.
If an application program or software for encrypted communication issues a connection request designating the destination server with an IP address and a client transmits a connection request SIP message including the IP address for designating the destination server, a session management server (SIP proxy) having received this connection request message cannot identify a domain to which the received message must be forwarded. In this case, clients cannot take profit from the advantage of the authentication system shown in FIG. 3.